Saving debug log to /var/log/letsencrypt/letsencrypt.log
Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command. The renew verb may provide other options for selecting certificates to renew in the future.

$ sudo /usr/bin/letsencrypt certonly --webroot -w /var/www/files.matoken.org/ -d files.mato
ken.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for files.matoken.org
Using the webroot path /var/www/files.matoken.org for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0003_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0003_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/files.matoken.org/fullchain.pem. Your cert
will expire on 2018-05-31. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

$ sudo apt remove certbot
$ sudo apt install python-certbot-apache -t stretch-backports
$ apt show certbot
Package: certbot
Version: 0.21.1-1~bpo9+1
Priority: optional
Section: web
Source: python-certbot
Maintainer: Debian Let's Encrypt <letsencrypt-devel@lists.alioth.debian.org>Installed-Size: 53.2 kBProvides: letsencryptDepends: python3-certbot (= 0.21.1-1~bpo9+1), python3:anySuggests: python3-certbot-apache, python3-certbot-nginx, python-certbot-docBreaks: letsencrypt (<= 0.6.0)Replaces: letsencryptHomepage: https://certbot.eff.org/Download-Size: 20.4 kBAPT-Manual-Installed: noAPT-Sources: http://ftp.jp.debian.org/debian stretch-backports/main amd64 PackagesDescription: automatically configure HTTPS using Let's Encrypt
The objective of Certbot, Let's Encrypt, and the ACME (Automated Certificate Management Environment) protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on the web server. . This agent is used to: . - Automatically prove to the Let's Encrypt CA that you control the website
- Obtain a browser-trusted certificate and set it up on your web server
- Keep track of when your certificate is going to expire, and renew it
- Help you revoke the certificate if that ever becomes necessary.
.
This package contains the main application, including the standalone
and the manual authenticators.
N: There is 1 additional record. Please use the '-a' switch to see it